While exploring my network I discovered that there was a securty vulnerability with my Lorex Technology ECO DVR. After doing more research and reaching out to the vendor and US-CERT I have finally documented and disclosed my first vulnerability report. It was a great learning experience working through the process and practicing responsible disclosure. Unfortunately with cve.mitre.org changing its coverage goals it did not get a CVE identifier. I submitted my report to Bugtraq and the original can be found here or here.
Product: Lorex Technology ECO DVR
Vendor URL: https://www.lorextechnology.com/
Type: Hard …